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DETAILED ACTION 



1 . This Action is in response to applicant's application of 08 March 2004. 

2. Claims 1-35 are pending. 



3. With the amendment to figure labeling it as 3 and not 5, objection to the drawings 
is withdrawn. 



4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-1 1 and 26-35 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. The removal of the term "close" in claim 1 
does not cure the problem and in some sense worsen its. The claim now reads 
"rendering infeasible the possibility of mapping two messages together in the space". 
The question now arises what is meant by mapping two messages together? Does this 
mean that the two messages are placed together and mapped (like sticking two letters 
in the same envelop and mailing it or does it mean the result of the mapping of two 
different messages will not map to nearby lattice points as the original claim suggests. 
Rejection under 1 12 is maintained. 

The rejection of claims 12 - 18 are rejected under 35 U.S.C. 112, second 
paragraph, is withdrawn with the new amendment. 



Drawings 



Claim Rejections - 35 USC §112 
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The rejection of claims 19-25 are rejected under 35 U.S.C. 112, second 
paragraph, is withdrawn with the new amendment 

For the purpose of applying prior are the examiner will keep the original interpretation of 
claim 1 , as meaning that the points either fall inside or outside a certain predetermined 
distance. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-35 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ajtai/Dwork A Public-key Cryptosystem with Worst-Case/Average-Case Equivalence, 
November 8, 1996, and further in view of Diffie/Hellman New Directions in Cryptography 

5. As per claim 1 , the limitation of using a lattice JL (as a computationally hard 
problem see page 12 section 1) for a public key system is disclosed Ajtai/Dwork see 
bottom of page 1 and continuing to page 2; page, 4, second complete paragraph from 
top and pages 13-14. A lattice has a representation in terms of a basis bi, b 2 , ... b n for a 
Lattice A , the basis generates the lattice as follows 

4bi, b2 l ...b„) = {J>ib i |bi l b 2l ...b n <EZ} 
See page 2 Definitions and in particular page 3 a lattice . The limitation of a random 
basis for a private key is disclosed page 14, # 1 and the construction of a different 
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random basis for the public key #5. The limitation of using the shortest basis as a point 
of consitutes a hard problem (intractable) and thus the basis of a public key 
cryptosystem is disclosed page 12 section 1 first and second paragraph). The problem 
of finding the short lattice vector, which constitutes the computationally hard problem, 
constitute the private key in a public key cryptosystem and public key will correspond 
to the dual system. Ajtai/Dwork further disclose encryption and decryption using the 
lattice on page 14 under that heading. Ajtai/Dwork further disclosed a predetermined 
distance for the acceptance or rejection of the closeness of two points (see page 4 first 
complete paragraph from top). Ajtai/Dwork are silent on an associated digital signature 
which relies on the hard problem of their public key cryptosystem. 

Diffie/Hellman disclose the use of public key cryptosystems for digital signing 
messages that thus authenticating the sender of the message to the recipient (page 35 
second column second paragraph from bottom). Diffie/Hellman further teach the use 
of a one way function f (a hash function) which are easily computable in one direction 
and computationally infeasible to reverse the process as a means of data 
authentication, to guarantee the authenticity of the message to the receiver (page 35, 
first column next to last paragraph, page 31, column 2, first compete paragraph). 
Further these two actions, authenticating the data could be combined into a single 
action by hashing the message signing the message with the private key of the public 
key system and then sending the message concatenated with the hashed signature to 
the recipient. Thus the message would have been referred to the public lattice basis 
say as a point x and the signature would have been referred to as a point y in the 
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private lattice basis in the latticed . It would have been obvious to one of ordinary skill 
in the art at the time of the invention was made to have combined the invention of 
Ajtai/Dwork with the teachings of Diffie/Hellman (page 35 second column second 
paragraph from bottom and page 31 , column 2, first complete) to have obtain digital 
signature scheme in a lattice public key system because as Diffie/Hellman point out in 
section 4, "The problem of authentication is perhaps an even more serious barrier to the 
universal adoption of telecommunications for business transaction than the problem of 
key distribution. Authentication is at the heart of any system involving contracts and 
billing. Without it, business cannot function". Claim 1 is rejected. 

6. As per claim 2, the limitation of returning the message point x and the lattice 
point y as the digital signature is discussed in claim 1 . returning both is necessary in 
order to verify the signature and further determine the authenticity of the message. 
Claim 2 is rejected. 

7. As per claim 3, further comprising randomizing the function f. Diffie/Hellman note 
(page 36, column 2, second paragraph) that a one way function f is a building function 
to both encryption functions (e.g. block ciphers) and key generators (pseudorandom 
sequence). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have continually changed the function f in a random fashion, 
because all pseudorandom sequences have periods from which the function f can be 
determined. Randomly changing this function permits the use of this function over a 
lengthy period of time without compromising the cryptosystem. Claim 3 is rejected. 
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8. As per claim 4, the limitation that the message f is randomized by concatenating 
the message u with a random number p. Diffie/Hellman note (last paragraph, column 2) 
that ciphertext only attacks succeed because the cryptanalysis knows the statistical 
properties of a language or certain probable words or more generally certain message 
formats (called cribs) that enable the cryptanalysis to establish certain correspondence 
between ciphertext and plaintext. The use of nulls, as it was known in the nineteenth 
century or padding or salting (especially for passwords), adds random text to the 
message to prevent such attacks from working. It would have been obvious to one of 
ordinary skill in the art to have padded messages with random text (numbers) to prevent 
such attacks. Claim 4 is rejected. 

9. As per claim 5, the limitation that the function f maps the message u to a point on 
a grid disclosed by Diffie/Hellman page 35, column 2 paragraph 2. Diffie/Hellman 
disclose for the functions suitable for f sparse polynomials over finite field. Thus f maps 
y to a point in the range space of f. Both the domain and range spaces would constitute 
a finite grid and hence the limitation is met. Claim 5 is rejected. 

10. As per claims 6, and 8 the limitation that the function f may be collision 
intractable is disclosed page 35 second to last paragraph in particular "we are defining a 
function which is not invertible from a computational point of view. Certainly an 
invertible function is collision intractable and if in addition its inverse is computationally 
difficult it would serve as a one way function. Further in the same paragraph 
Diffie/Hellman consider the case of a one way function which has f(xi) = y = f(x 2 ) that is 
they are computationally intensive and have collisions that is for a single y, xi = x 2 . 
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Thus one of ordinary skill in the art at the time the invention was make would have 
consider forms of f that satisfy both of these conditions in order to increase the security 
in the case of the collision intractable case or increase flexibility in the case that f allows 
collisions. Claims 6 and 8 are rejected. 

11. As per claim 7, the limitation that the collision intractability of is based on a 
computational hard problem such as a lattice problem, Diffie/Hellman have pointed out 
that the one way function f are based on "overwhelmingly" difficult (hard) problems (see 
column 1 bottom page 35, Diffie/Hellman explain what they mean by overwhelmingly 
difficult in section 6 in terms of NP complexity) and Ajtai/Dwork teach lattice problems 
as computationally hard. Thus one of ordinary skill in the art at the time the invention 
was made would have been motivated to apply the teachings of Diffie/Hellman to the 
invention disclosed by Ajtai/Dwork because the encryption system already has the 
lattice problem in place either in software or hardware or both. Claim 7 is rejected. 

12. As per claim 9, the limitation that the function f maps the message y to an 
auxiliary lattice. Diffie/Hellman disclose that the hard over which the Encryption function 
(i.e. hard lattice problem disclosed page 14 of Ajtai/Dwork) does not have to be the 
same in which the function f is based (that is sparse polynomials over a finite field 
Diffie/Hellman page 35 second comment see Purdy comment), and thus one of ordinary 
skill in the art at the time the invention was made would have not necessarily been 
motivated to base both the encryption function and the hashing function on the same 
hard problem (that is the same lattice or different lattice problems) for security reasons. 
One might leak more information (bits) in the hashing process than in the encryption 
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process or vice versus and thus might have to use different lattices or even different 
lattice problems, entirely. Claim 9 is rejected. 

13. As per claim 10, the limitation of verifying the digital signature by determining 
whether the distance between the lattice point x and y vary no more than a 
predetermine amount. Ajtai/Dwork teach the use of two basis to span a lattice (see 
page 14, 1-5). Unless these bases are both defined along the same direction and are 
commeasurable, a point in one representation would not in general be a point in the 
other basis. Ajtai/Dwork further defined a distance (page 2, lines before the first 
complete paragraph). That there is a constraint on length for a message or digital 
signature to be accepted (see second complete paragraph page 4). Claim 10 is 
rejected. 

14. As per claim 1 1 that the predetermined distance is related to the number of 
dimensions n in the lattice ^ . See Ajtai/Dwork top page 4 . Claim 1 1 is rejected. 

15. As per new claim 12, the additional limitation of computer code for mapping a 
message // or a concatenation thereof to a message point "x" in n-dimensional space, 
the message point "x" being a point of a grid or a point of an auxiliary lattice 
(corresponds to the n-dimensional space x e R n and x is in the dual lattice L* (see page 
3 top of Ajtai/Dwork); computer readable code means for finding a point "y" of a key 
latticed (from lattice y gL top page 3 ) that is not the same as the auxiliary lattice ( a 
lattice and its dual are different as defined by the relationship between their basis (bi, 
b 2 , ... b n ) and (ci, c 2 , ... c n ), top of page 3 under first equation Ajtai/Dwork. The 
process of using the public key to encrypt a message // (or as discussed above 
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concatenation with padding as discussed above) and the decryption using the private 
key is described at the top of page 2. 

16. Claims 12-15 and 17-18 with the new limitation addressed above, are directed 
towards a computer program storage device with instructions to implement method 
claims 1 , 6, 3, 4 and 8-9; and are rejected in view of the same prior art of record. 

17. As per claim 16, the limitation that f maps the message to a point on a grid was 
addressed in 5, the limitation of collision intractable was addressed in claim 6 and finally 
the intractability being based on the hardness of the lattice problem was address in 
claim 7. It would have been obvious for one of ordinary skill in the art at the time the 
invention was made to have been motivated to combine these features because they 
each add to the overall security and ease of implementation of the encryption device. 
Claim 16 is rejected. 

18. As per claim 19, a public key encryption/decryption system capable of producing 
digital signatures for an electronic message, is disclosed by Ajtai/Dwork modified by 
Diffie/Hellman see discussion in claim 1. Creating a message and representing as a 
point on the general basis (public key basis) as x and creating a lattice point y on the 
private key basis which are a predetermined distance apart are disclosed in Ajtai/Dwork 
see discussion in claim 1 . Transmitting the message and x and y and determining the 
distance between x and y at a remote site fall within the predetermined distance are 
disclosed in Diffie/Hellman as the function of any public key telecommunication system 
(see introduction especially first and second paragraph column 1 ) and Ajtai/Dwork tope 
page 4. It would have been obvious to one of ordinary skill in the art at the time the 
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invention was made to have combine these separate aspects into a single secure 
communication system because as Diffie/Hellman discuss in the first paragraph of the 
introduction, "we stand today on the brink of revolution in cryptography" which will be 
able to exploit these aspects in a modern telecommunication environment. Claim 19 is 
rejected. 

19. Claims 20-25 are system limitations incorporated the limitations of claims 16, 4, 
6-8, and 1 1 and are rejected in view of the same prior art of record. 

20. As per claim 26, the limitation of generating a latticed having at least two basis is 
disclosed in Ajtai/Dwork page 2 equation at bottom of page and page 14 steps 3-5. 
Unless the randomly chosen basis is chosen commeasurable with the short basis or 
parallel the to the short basis it must have a different length and hence there will be a 
short basis and a long basis. A mapping that maps the concatenation of u to a point x 
in an n-dimensional space, the message point x being an element of a set of equally 
spaced points is disclosed Ajtai/Dwork page 2 last equation from bottom. According to 
the formula, the set to which x belongs to is an n dimensional set of points generating 
by choosing integers Xj e Z. Thus enumerating all possible integers will generate a set 
of equally spaced points to which x belongs. The limitation of using the short basis, 
finding a lattice point y in the lattice A that is within a predetermined distance of the 
message point x is disclosed by Ajtai/Dwork see page 1, bottom of page and continuing 
to top of page 2. Note decryption is determined using a predetermined distance (from a 
hyperplane) that is the dual to the first basis (or second basis), and again page 4, 
second complete paragraph from top. Ajtai/Dwork are silent about the use of the public 
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key cryptosystem to develop a digital signature however as discussed in claim 1 and its 
implementation on a computer base framework, Diffie/Hellman provide the details of 
how this can be done see for example page 35 second column third complete 
paragraph from top. Further Diffie/Hellman disclose the use of public key 
cryptosystems, in general, to telecommunication and computers see introduction. Claim 
26 is rejected. 

21 . As per claim 27, the limitation that the mapping is undertaken using a function f is 
met as a mathematical truism. For example see the CRC Concise Encyclopedia of 
Mathematics by Eric W. Weissten page 1136. "The terms FUNCTION and MAPPING 
are synonymous with map. Even if this were not considered Ajtai/Dwork as modified by 
Diffie/Hellman disclose that the mapping process is via a one way function f which in 
from the standpoint of Diffie/Hellman is necessary in order to determine data integrity 
(page 35 second column), authenticity (page 35 second column) and data security 
(privacy page 30, bottom and continuing to the second column). Claim 27 is rejected. 

22. Claims 28-35, which are dependent on claim 26, parallel claims 4-1 1 , which are 
dependent on claim 1 . Claim 26 recites a method for digitally signing data and does 
not specify that the long and short basis are associate with the public and private keys 
whereas claim 1 does. Thus claim 26 broadens the limitations of the invention however 
addition of the sub limitations would rely on the same prior art and motivation for 
combining. Claims 28-35 are rejected. 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Response to Arguments 

In response to applicant's argument that 08 March 2004, the test for obviousness 
is not whether the features of a secondary reference may be bodily incorporated into the 
structure of the primary reference; nor is it that the claimed invention must be expressly 
suggested in any one or all of the references. Rather, the test is what the combined 
teachings of the references would have suggested to those of ordinary skill in the art. 
See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). 

With regards to the statement that "whereas Diffie-Hellman (New Directions in 
Cryptography, November 1976) is directed to another way that is virtually orthogonal to 
lattice methods, namely, by factoring a large number obtain as a product of two large 
prime number" is to totally disregard the purpose of the paper and that is to introduce 
public key cryptography "as a new direction". The Diffie-Hellman paper is directed to 
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the general concept of public key system in general and does not as the applicant 
suggests, "by factoring a large number obtain as a product of two large prime numbers". 
That system was indeed purposed in a paper by Rivest, Shamir, and Adleman (A 
Method for Obtaining Digital Signatures and Public-Key Cryptosystems) one years later 
(February 1978) as a specific example of the Public-Key system which Diffie-Hellman 
purposed. Therefore to state that the lattice public key system of the applicant "is 
virtually orthogonal to lattice methods" is puzzling as Diffie-Hellman paper, New 
Directions in Cryptology, is consider to be a landmark paper in Cryptology and the 
definitive paper in the discussion in public key. Again the apparent misconception is 
later expressed in a second place "it is doubtful whether very much of the explanation of 
the rejection would be comprehensible, much less persuasive, to the Board, who can be 
counted on to recognize the gulf between Diffie-Hellman's prime number factorization 
scheme and Atjai/Dwork's lattice method and, hence, the lack of any rational 
expectation of success in combining the two." Again the Diffie-Hellman paper is the 
perfect paper to apply as secondary (teaching) reference as it lays out in lucid detail 
what a public key system is, indeed the attributes of all public key systems. With an 
understanding of the significance of the Diffie-Hellman paper is to Cryptography and in 
particular public key cryptography, Again the applicant's statement "generating public 
key/private key pairs by combining lattice-based techniques with factoring two primes 
numbers" represent a total misunderstanding of the Diffie-Hellman paper and further 
misrepresents the examiners arguments. 
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The Diffie-Hellman paper lays out what any public key system should satisfy, 
encryption with two keys, a public key for encryption and private key for decryption, 
digital signature, key distribution, authentication, hash function and he discusses these 
in terms of mathematically intractable problems (so called NP problems) of which in the 
discussion of the first action the examiner went into. Further they discuss how the 
public private key pair should be related to the mathematically intractable problem. How 
the Digital Signature can be defined in terms of the intractable problem (hard problem) 
and how key exchange, and authentication can be defined in terms of mathematically 
hard problems. The lattice-problems are recognized hard problems and therefore fall 
under the Diffie-Hellman discussion. So also is the factoring problem, discrete log, 
algebra curves problems, knapsack problems, scheduling problems, graph and coloring 
map problems to mention a few of the more than 300 categorized problems types "and 
several times that many in total" mentioned in Computers and Intractability, A Guide to 
the Theory of NP-Completeness, Michael R. Garey and David S. Johnson. Every 
public-key cryptosystem to date has been followed the original discussion presented in 
the Diffie-Hellamn New Direction in Cryptography paper. In The Ajtai/Dwork (Appendix 
1 , Lattice-Based Cryptography page 12), the authors point out that their work is based 
on the assumption that it is computationally infeasible to find the shortest vector in a 
random instance of a certain class of lattices in which the shortest vector is unique in a 
sense described below" clearly recognize their lattice based public key system is based 
on a computationally infeasible problem and herein lies the bridge between the two 
papers. Diffie-Hellman in New Directions in Cryptography describe in lucid detail what 
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can be done with any computationally infeasible problems (section 6), including how to 
use it to an encryption system, section 3, and 5 (how to use the hard problem to create 
a trap door so that the public and private key can be created and secure), key 
distribution page 34, design digital signatures and in particular hash function (section 4). 
Diffie-Hellman provide the many advantages of a public key system in their introduction 
"We stand today on the brink of a revolution in cryptography. The development of 
cheap digital hardware has freed it from the design limitations of mechanical computing 
and brought the cost of high grade cryptographic devices down to where they can be 
used in such commercial application as remote cash dispenser and computer terminals. 
In turn, such application create a need for new types of cryptographic systems which 
minimize the necessity of secure key distribution channels and supply the equivalent of 
a written signature. At the same time, theoretical developments in information theory 
and computer science show promise of providing provably secure cryptosystem 
changing this ancient art into a science." There then go to discuss it effects on 
telecommunication network etc. Certainly these same reason would motivate any 
person trying to exploit a new infeasible problems (such as the lattice based 
cryptographies that Ajtai and Dwork purpose, to consider in addition to encryption, 
digital signatures, key distribution, authentication, and many of the other features 
outlined in the Diffie-Hellman paper 

If the applicant has difficulty interpreting the examiner's discussion on page 5, 
then this may help. If not, the applicant should submit specific questions and the 
examiner will be happy to answer them. 
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New limitations have been address above in the 1 12 (2) and in 15. 



Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to James Seal whose telephone number is 703 308 4562. 
The examiner can normally be reached on M-F, 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 703 305 4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Jws 



14 May 2004 
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